Security model

The Db2® JSON security model uses Db2 authentication and authorization. It supports an extra, optional layer that is specific to the wire listener and is based on user registration, which enables authentication with an MD5-hash mechanism.

Db2 JSON provides a Java™ API, a command-line interface, and a wire listener to work with JSON documents in a Db2 database.

The Java API and the command-line interface each establish a connection with the connection information that the user specifies. All privileges and restrictions apply for this user as defined by the Db2 Security Administrator, either directly or as a member of a group.

The wire listener establishes connections with proxy users and enables different security options. The following topics describe the security concept as it applies to the wire listener. It is based on three elements:

| Security Element | Description |
| --- | --- |
| Client Application Security | The client application authenticates and authorizes users on an application level. It can also provide anonymous user access. The client application sets the appropriate user ID into the request that is sent to the wire listener. |
| Wire Listener Security | If the wire listener is configured to authenticate users, the user ID in the request must be registered with the wire listener. The user ID can be assigned role-based authorizations, a database context user ID, or both. |
| Database Security | The wire listener connects with a proxy database user ID to the database and, if trusted context is configured, establishes the context with the registered information for the user. With the use of trusted context, if anonymous user support is required by an application, the trusted context must have an association to a valid database user to establish context. |
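
The trusted-context arrangement in the Database Security row can be set up on the Db2 side along the following lines. This is an added example, not part of the original documentation page; the proxy ID, user IDs, role names, table, and address are hypothetical placeholders.

```sql
-- Added example. JSONPROXY, APPUSER1, JSONANON, JSON_RW, JSON_RO,
-- APPSCHEMA.ORDERS and 192.0.2.10 are hypothetical placeholders.

-- Privileges live on roles, not on the proxy ID, so a connection that
-- never switches user inside the trusted context gets no table access.
CREATE ROLE JSON_RW;
CREATE ROLE JSON_RO;

GRANT SELECT, INSERT, UPDATE, DELETE ON TABLE APPSCHEMA.ORDERS TO ROLE JSON_RW;
GRANT SELECT ON TABLE APPSCHEMA.ORDERS TO ROLE JSON_RO;

-- The context is trusted only when the proxy ID connects from the
-- wire listener host over an encrypted connection.
CREATE TRUSTED CONTEXT JSON_WIRE_CTX
  BASED UPON CONNECTION USING SYSTEM AUTHID JSONPROXY
  ATTRIBUTES (ADDRESS '192.0.2.10', ENCRYPTION 'HIGH')
  NO DEFAULT ROLE
  ENABLE
  WITH USE FOR
    -- A registered application user mapped to a database user ID.
    APPUSER1 ROLE JSON_RW WITHOUT AUTHENTICATION,
    -- Anonymous access still needs a valid database user to establish
    -- context; give that user a read-only role.
    JSONANON ROLE JSON_RO WITHOUT AUTHENTICATION;

-- Review which user IDs the context allows and which role each receives.
SELECT SURROGATEAUTHID, AUTHENTICATE, CONTEXTROLE
  FROM SYSCAT.SURROGATEAUTHIDS
 WHERE TRUSTEDID = 'JSON_WIRE_CTX';
```

Listing each user explicitly, rather than using `PUBLIC`, keeps the set of identities the proxy can assume auditable from the catalog.
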
Figure 1. The JSON Security model